WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-03 09:04:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,507 Commits 9 Branches 0 Tags
d9cbb080d7cf71a7a2b5a246a08fb054a65b382d
Commit Graph

34507 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pierre-Yves Chibon
d9cbb080d7 fedocal: fix the path to the cron script 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 10:33:23 +02:00
Nick Bebout
0eae657232 Fix sudo rules for sysadmin-noc and sysadmin-veteran 2021-03-28 20:46:01 -05:00
Nick Bebout
5c1f91f588 sysadmin-hosted is not used anymore 2021-03-28 19:49:32 -05:00
Nick Bebout
1b0bcb3adf sysadmin-tools should have sudo on people 2021-03-28 19:43:57 -05:00
Kevin Fenzi
f6d6a2cffe people: people02 is on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:52:57 -07:00
Kevin Fenzi
7776ee7d11 people02: add sssd.conf template for people 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:29:01 -07:00
Kevin Fenzi
5427fc73ea people: use fedora-contributor instead of cla_done 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:01:08 -07:00
Kevin Fenzi
cd1430ab62 os-cluster: baseiptables should be FALSE 
The baseiptables variable controls if the base role should apply base
iptables and ip6tables templates to a host. In the case of OpenShift we
DO NOT WANT it to do this. The base iptables template doesn't handle all
the container native rules and setup that OpenShift needs to work.
This has caused multiple outages by applying this template on the
OpenShift nodes. So, set it to false here and keep it false please. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 10:37:46 -07:00
Kevin Fenzi
3ee897d847 fasjson: no need for output if things are working 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 12:16:04 -07:00
Kevin Fenzi
7dadf93f44 Deploy renewed openshift certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 12:05:35 -07:00
Kevin Fenzi
85ac490787 ipa / server / backups: only send errors to cron emails 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 10:42:40 -07:00
Kevin Fenzi
f92edeee68 batcave: adjust ssh_known_hosts so buildvm-s390x-01.stg works 
For ages buildvm-s390x-01.stg.s390.fedoraproject.org has needed it's ssh
key accepted on ansible runs. The problem was we were not extending the
cert authority to handle this subdomain. This commit fixes that.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 10:23:44 -07:00
Stephen Smoogen
14d9cbde02 put the task in a job which will run on the right system 2021-03-27 12:40:47 -04:00
Stephen Smoogen
48dc00ae84 Add a deep clean which restarts sssd and then cleans the cache in case of major config file changes 2021-03-27 12:28:48 -04:00
Stephen Smoogen
f7519b408b Allow sssd to ignore special users 
Currently /etc/nsswitch.conf has configurations like

passwd:     sss files
shadow:     files sss
group:      sss files

The problem is that to make sure that certain users could not be
created in IPA (like nobody root etc), they were already created but
in a restricted group. In order to allow sss to work for postfix, nfs,
nobody and such, the sssd.conf needs to ignore them in the nss
section. This adds a file which will do that.

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-27 12:20:35 -04:00
Kevin Fenzi
2d5ec6dce3 sundries: fix prod mount 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-26 14:07:32 -07:00
Kevin Fenzi
ea17f4b23c sundries: fix nfs mounts names in prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-26 13:51:45 -07:00
Owen W. Taylor
75e81cbccd Move fedora-indexer to production and remove regindexer 
* Update rsync configuration for production to sync the flatpak-indexer
  output directories into the right place, in the same way as was done
  for staging. The regindexer rsync module is renamed to flatpak-index
  for clarity.
* Update the registry.fedoraproject.org to use the flatpak-indexer
  rules for production.
* Remove the regindexer role

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2021-03-26 20:39:43 +00:00
Kevin Fenzi
6026e74b0e flatpak-indexer: deploy in prod too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-26 12:19:34 -07:00
Pierre-Yves Chibon
7a88a69dd5 toddlers: specify the KRB5_CONFIG environment variable 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:35:44 +01:00
Pierre-Yves Chibon
ccbda97811 toddlers: add a service name when creating the keytab 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:05:39 +01:00
Pierre-Yves Chibon
964fd00a7e toddlers: Try creating a keytab for toddlers 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:03:34 +01:00
Pierre-Yves Chibon
8b05ba47e0 toddlers: add the openshift/ipa-client role to handle kerberos 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 15:58:16 +01:00
Mark O'Brien
9b29115930 fmn: add missing comma 2021-03-26 12:34:51 +00:00
Stephen Coady
533ba99068 add missing v1 to fasjson url for fmn 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-26 11:34:53 +00:00
Aurélien Bompard
196d20086c Some Ipsilon fixes for the new openid api extension 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-26 12:11:07 +01:00
Stephen Coady
e66217f737 add forgotten keytab var 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-26 09:43:38 +00:00
Francois Andrieu
06796caabf languages: rework extract & stats jobs 2021-03-25 22:14:50 +00:00
Aurélien Bompard
ee65c1dbf0 fasjson-aliases: set the keytab env var 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 22:36:31 +01:00
Kevin Fenzi
740109a295 nagios_client / check_systemd_units: remove old debugging output 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:25:17 -07:00
Kevin Fenzi
29f31df142 pagure-stg01 is also on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:16:03 -07:00
Kevin Fenzi
8101073e8e pagure: pagure is on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:11:11 -07:00
Kevin Fenzi
1e5aefcc52 ipa03: fix ip address for ipa03 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:07:13 -07:00
Kevin Fenzi
cebb78ed82 nagios_client: the check_systemd_units is in scripts, not script 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:58:20 -07:00
Kevin Fenzi
5a915ea8ea fasjson: adjust script (no .py) and use nag-once 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:53:57 -07:00
Kevin Fenzi
b0d1ea96da bastion: add fasjson_url for fasjson role 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:47:05 -07:00
Kevin Fenzi
341862e436 fasjson: This is a template, not a file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:44:00 -07:00
Kevin Fenzi
94bdcff8ff bastion: add fasjon role to bastion 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:28:32 -07:00
Michael Scherer
f50cad1870 Since zanata is down, this cron job no longer work 2021-03-25 20:26:05 +00:00
Michael Scherer
8548f299ca Add cronjob to update the website translation 2021-03-25 20:26:05 +00:00
Nils Philippsen
f9abb293c0 ipa/client: only warn about essential vars missing 
If either `ipa_client_shell_groups` and `ipa_client_sudo_groups` are
unset or empty, sysadmin-main will still be able to login and sudo.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-25 20:22:30 +00:00
seddikalaouiismaili
eae91f0d2b install nrpe check for systemd units 2021-03-25 20:16:48 +00:00
Francois Andrieu
35664e9159 cleanup: remove phx2 from ansible-ansible-openshift-ansible 2021-03-25 20:14:10 +00:00
Pavel Raiskup
0793a1e9b3 copr-be-dev: increase quota for one user 
Nobody is using devel stack except for Copr Team, and we run heavily
parallelized unit tests so we enjoy more concurrent VMs.  In case there
are no task processed, the VM count anyways goes down to the setup in
pool.yaml.  So this change actually doesn't mean more VMs is going to be
wasted in normal situations.
 2021-03-25 21:10:06 +01:00
Stephen Smoogen
9e3b72a519 Make sure playbook is using ipa/client as a tag versus ipsilon 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 15:29:21 -04:00
Stephen Smoogen
791ab33d1c This should tune sssd on people02 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 15:28:54 -04:00
Stephen Coady
4cc5f3d8f0 remove v1 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 18:01:18 +00:00
Stephen Coady
821209cb26 hotpatch fmn to work with fasjson 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 18:01:18 +00:00
Stephen Coady
7e7cef94ad update config to use fasjson and give it the address 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 17:56:23 +00:00
Aurélien Bompard
94b32cee08 Use our custom info plugin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 18:56:08 +01:00